be done on flows from one address to another; reassembly for protocols
running atop TCP should be done on flows from one TCP endpoint to
another.
We do this by:
adding "reassembly table" as a data structure;
associating hash tables for both in-progress reassemblies and
completed reassemblies with that data structure (currently, not
all reassemblies use the latter; they might keep completed
reassemblies in the first table);
having functions to create and destroy keys in that table;
offering standard routines for doing address-based and
address-and-port-based flow processing, so that dissectors not
needing their own specialized flow processing can just use them.
This fixes some mis-reassemblies of NIS YPSERV YPALL responses (where
the second YPALL response is processed as if it were a continuation of
a previous response between different endpoints, even though said
response is already reassembled), and also allows the DCE RPC-specific
stuff to be moved out of epan/reassembly.c into the DCE RPC dissector.
svn path=/trunk/; revision=48491
1) hf_reload_dmflags is 8 bytes, not 64 bytes.
2) Swap dissection order of dmflags and length.
3) Register ett_reload_self_tuning_data and ett_reload_diagnosticrequest.
#BACKPORT(1.8)
svn path=/trunk/; revision=47789
Cast away some implicit 64-bit-to-32-bit conversion errors due to use of
sizeof.
Cast away some implicit 64-bit-to-32-bit conversion errors due to use of
strtol() and strtoul().
Change some data types to avoid those implicit conversion warnings.
When assigning a constant to a float, make sure the constant isn't a
double, by appending "f" to the constant.
Constify a bunch of variables, parameters, and return values to
eliminate warnings due to strings being given const qualifiers. Cast
away those warnings in some cases where an API we don't control forces
us to do so.
Enable a bunch of additional warnings by default. Note why at least
some of the other warnings aren't enabled.
randpkt.c and text2pcap.c are used to build programs, so they don't need
to be in EXTRA_DIST.
If the user specifies --enable-warnings-as-errors, add -Werror *even if
the user specified --enable-extra-gcc-flags; assume they know what
they're doing and are willing to have the compile fail due to the extra
GCC warnings being treated as errors.
svn path=/trunk/; revision=46748
The reassembled fragments tree in the Packet Details view is awesome, but it
lacks one thing: a field that exposes the reassembled data.
tcp.data already exists for exposing a single TCP segment's payload as a byte
array. It would be handy to have something similar for a single application
layer PDU when TCP segment reassembly is involved. I propose
tcp.reassembled.data, named and placed after the already existing field
tcp.reassembled.length.
My primary use case for this feature is outputting tcp.reassembled.data with
tshark for further processing with a script.
The attached patch implements this very feature. Because the reassembled
fragment tree code is general purpose, i.e. not specific to just TCP, any
dissector that relies upon it can add a similar field very cheaply. In that
vein I've also implemented ip.reassembled.data and ipv6.reassembled.data, which
expose reassembled fragment data as a single byte stream for IPv4 and IPv6,
respectively. All other protocols that use the reassembly code have been left
alone, other than inserting NULL into their initializer lists for the newly
introduced struct field reassemble.h:fragment_items.hf_reassembled_data.
svn path=/trunk/; revision=44802
Also (for a few files):
- create/use some extended value strings;
- remove unneeded #include files;
- remove unneeded variable initialization;
- re-order fcns slightly so prefs_reg_handoff...() at end, etc
svn path=/trunk/; revision=44438
implicitly by the #define name and string they were defined to; not all
UATs neatly fit into any of the categories, so some of them were put
into categories that weren't obviously correct for them, and one - the
display filter macro UAT - wasn't put into any category at all (which
caused crashes when editing them, as the GUI code that handled UAT
changes from a dialog assumed the category field was non-null).
The category was, in practice, used only to decide, in the
aforementioned GUI code, whether the packet summary pane needed to be
updated or not. It also offered no option of "don't update the packet
summary pane *and* don't redissect anything", which is what would be
appropriate for the display filter macro UAT.
Replace the category with a set of fields indicating what the UAT
affects; we currently offer "dissection", which applies to most UATs
(any UAT in libwireshark presumably affects dissection at a minimum) and
"the set of named fields that exist". Changing any UAT that affects
dissection requires a redissection; changing any UAT that affects the
set of named fields that exist requires a redissection *and* rebuilding
the packet summary pane.
Perhaps we also need "filtering", so that if you change a display filter
macro, we re-filter, in case the display is currently filtered with a
display filter that uses a macro that changed.
svn path=/trunk/; revision=43603
packet-reload.c:2875:13: warning: Although the value stored to
'local_offset' is used in the enclosing expression, the value is
never actually read from 'local_offset'
although as I read the C90 spec the code is doing pretty much what it
should be doing and the rewritten code does the same thing. However,
it's also a bit more complicated and harder to read than the rewritten
code.
svn path=/trunk/; revision=39840
1. If there's no character encoding (ENC_ASCII, ...) specified
then use ENC_ASCII.
2. For all but FT_UINT_STRING, always use ENC_NA
(replacing any existing True/1/FALSE/0
/ENC_BIG_ENDIAN/ENC_LITTLE_ENDIAN).
svn path=/trunk/; revision=39426
Specifically: Replace FALSE|0 and TRUE|1 by ENC_BIG_ENDIAN|ENC_LITTLE_ENDIAN as
the encoding parameter for proto_tree_add_item() calls which directly reference
an item in hf[] which has a type of:
FT_BOOLEAN
FT_IPv4
FT_EUI64
FT_GUID
FT_UINT_STRING
Also: For type FT_ITv6 use ENC_NA. (This was missed in SVN #39260)
svn path=/trunk/; revision=39328
-Fixes in reload fragmentation
-also updated the code to reflect draft-zong-p2psip-drr-01
From me:
Remove one line of the patch which appears to be incorrect:
At about line 4118 (in dissect_reload_message())
- pinfo->fragmented = save_fragmented;
+ pinfo->fragmented = pinfo->fragmented;
svn path=/trunk/; revision=39309
- Follow closely draft-ietf-p2psip-base-18
- Added support for draft-ietf-p2psip-base-18,
draft-ietf-p2psip-sip-06,
draft-ietf-p2psip-service-discovery-03,
draft-ietf-p2psip-self-tuning-04,
draft-ietf-p2psip-diagnostics-06,
draft-zong-p2psip-drr-00,
- Handoff to the xml dissectors for
configuration data
- export the message content dissection function
in the new packet-reload.h file for use in
related protocols (draft-hautakorpi-p2psip-with-hip-01)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6317
From me:
- Fix a few C++ style comments;
- Fix:
packet-reload.c(2156) ... conversion from 'guint64' to 'guint32', possible loss of data
packet-reload.c(3528) ... conversion from 'guint64' to 'guint32', possible loss of data
Note: Additional fix yet req'd since checkhf.pl gives:
ERROR: NO ARRAY: packet-reload.c, hf_reload_dmflag_underlay_hop
Unused entry: packet-reload.c, hf_reload_storeddata_signature
Unused entry: packet-reload.c, hf_reload_storeddataspecifiers
(Compile is OK).
svn path=/trunk/; revision=39301
Specifically: Replace FALSE|0 and TRUE|1 by ENC_BIG_ENDIAN|ENC_LITTLE_ENDIAN as
the encoding parameter for proto_tree_add_item() calls which directly reference
an item in hf[] which has a type of:
FT_UINT8
FT_UINT16
FT_UINT24
FT_UINT32
FT_UINT64
FT_INT8
FT_INT16
FT_INT24
FT_INT32
FT_INT64
FT_FLOAT
FT_DOUBLE
svn path=/trunk/; revision=39288
FT_NONE
FT_BYTES
FT_IPV6
FT_IPXNET
FT_OID
Note: Encoding field set to ENC_NA only if the field was previously TRUE|FALSE|ENC_LITTLE_ENDIAN|ENC_BIG_ENDIAN
svn path=/trunk/; revision=39260
From Marc Petit-Huguenin:
- Removed directResponseForwarding.
- The certificate_type enum is now defined as RFC 6091's CertificateType
so moved the definition to packet-ssl-utils.[ch].
- Fixed invalid values for CERTIFICATE_BY_NODE and CERTIFICATE_BY_USER
Kinds.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5967
svn path=/trunk/; revision=37452
Further research shows that registering the dissector
to "tcp.port" and "udp.port" was explicitly removed in SVN #34969
and thus the code to create tcp and udp handles and the associated
dissect_reload_tcp() and dissect_reload_udp() code is no longer
needed.
svn path=/trunk/; revision=37231
- Use "RELOAD" everywhere.
- Fix invalid variable name "reload_framing.probe_information.type".
- Fix various names to match the spec.
- Dissect the X.509 certificate embedded in RELOAD messages.
- Use tls_signature_algorithm and tls_hash_algorithm tables in
packet-ssl-utils.
From me: take out the tabs. Keep the long dissector name when registering the
protocols.
svn path=/trunk/; revision=37003
*Bug Fixes
*NodeId length is now configurable
*Added missing messages
See: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5620
From me:
-Remove trailing blanks from a few lines;
-Put "editor mode lines" at the end of the source file.
svn path=/trunk/; revision=35674
This is a dissector for reload framed message:
ReLOAD packets can be inserted in frame message, as described in
draft-ietf-p2psip-base-10
From me: remove some unnecessary includes.
svn path=/trunk/; revision=35005